package com.csw.xuxianParent.xuxianUser.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * 安全配置类
 */
/*<dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>*/

/**
 * 账号是user 在@SpringBootApplication注解上排除掉烦人的SpringSecurity，不要让它自动配置
 *
 * @SpringBootApplication(exclude={SecurityAutoConfiguration.class, OAuth2AutoConfiguration.class,
 * SecurityFilterAutoConfiguration.class,
 * ManagementWebSecurityAutoConfiguration.class,DataSourceAutoConfiguration.class})
 */// 第二步
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.authorizeRequests().antMatchers("/**").permitAll()// 所有请求都放行
				.anyRequest().authenticated().and().csrf().disable();
	}
}
